An Introduction to Password Cracking

This page functions as a cheat sheet for a Hashcat tutorial, in addition to providing instructions for our password-cracking assignment for Problem Set 5.

For each student in the class, we have created three files of 100 passwords each. Each of the three files contains passwords hashed with a different hash function. Download your three files from here by looking for the three files with your cnet id.


Hashcat:
If you have a compatible Nvidia or AMD graphics card, you will want to download the GPU-based oclHashcat, whereas everyone else will want the CPU-based Hashcat. It should work on Linux, OS X, and Windows (because Hashcat is awesome).

When you get a set of hashes, the first step is to figure out what hash function was used. You can use an online version of the Hashtag script to identify possibilities. For instance, try 5f4dcc3b5aa765d61d8327deb882cf99, which is "password" hashed with MD5. Once you know which hash function (or set of functions) is possible, look up the corresponding hash-type value (the -m parameter) in Hashcat's list.
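The identification step above as an added Python example, not code from this page or from the Hashtag script: it lists candidate hash types by hex length, checks whether a file's hashes share one length, and confirms a guess against a known plaintext. The function names and the sample lines are constructed for illustration, and only unsalted hex digests are handled; the numbers are Hashcat's -m hash-type values.

```python
import hashlib
import re
from collections import Counter

# Hex-digest length -> candidate (name, Hashcat -m value). Length alone is
# ambiguous: MD5, MD4 and NTLM all produce 32 hex characters.
CANDIDATES = {
    32: [("MD5", 0), ("MD4", 900), ("NTLM", 1000)],
    40: [("SHA1", 100)],
    64: [("SHA-256", 1400)],
    128: [("SHA-512", 1700)],
}
# Candidates that hashlib can recompute to confirm a guess.
HASHLIB_NAME = {"MD5": "md5", "SHA1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

def candidates_for(digest):
    """Candidate (name, mode) pairs for one unsalted hex digest."""
    digest = digest.strip()
    return CANDIDATES.get(len(digest), []) if HEX_RE.fullmatch(digest) else []

def survey(lines):
    """Count digest lengths in a hash file and collect malformed lines."""
    lengths, malformed = Counter(), []
    for number, line in enumerate(lines, 1):
        value = line.strip()
        if not value:
            continue
        if HEX_RE.fullmatch(value):
            lengths[len(value)] += 1
        else:
            malformed.append((number, value))
    return lengths, malformed

def confirm(plaintext, digest):
    """Recompute a known plaintext under each candidate; return the matches."""
    target = digest.strip().lower()
    return [(name, mode) for name, mode in candidates_for(target)
            if name in HASHLIB_NAME
            and hashlib.new(HASHLIB_NAME[name], plaintext.encode()).hexdigest() == target]

# Constructed sample file: the page's MD5 example plus two digests made here.
SAMPLE = ["5f4dcc3b5aa765d61d8327deb882cf99", hashlib.md5(b"letmein").hexdigest(),
          "not-a-hash", hashlib.sha1(b"password").hexdigest()]

if __name__ == "__main__":
    print(survey(SAMPLE))  # more than one length means mixed hash types
    print(confirm("password", SAMPLE[0]))
```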

To run Hashcat, go to a command prompt, navigate to the directory where the files are, and call the appropriate binary. For example, for the 64-bit CPU-based Hashcat on Ubuntu, I call ./hashcat-cli64.bin

This won't do anything, though. You need to point Hashcat towards the file of hashes you want to crack (giving it the full path if it's not in the same directory as your Hashcat executable). You must also specify an attack mode. Your successful cracks will appear in the hashcat.pot file in the same directory as Hashcat, though you can change the output file using the -o option.

Here are some sample attack modes:

Here are some resources that may help:


Note that all passwords in a given set use the same hash function. You will receive 2 points for each successful crack from set 1, 5 points for each successful crack from set 2, and 40 points for each successful crack from set 3. You will be submitting your .pot file (output file from Hashcat) using instructions we will provide closer to the deadline.